Hey y’all!

I am after the colelctive expertise of this fantastic community. My family and i are moving overseas for a year for a pacific adventure, which leaves my hosting setup in a bind. We will be renting out our house and i will need to move all of my ‘servers’ (read laptop and NAS) out.

All of my services are in docker.

My main services that i MUST keep are:

  • Immich
    • 600Gb or so
    • very important as we will be taking a HEAP of photos.
  • paperless
  • vaultwarden
  • custom location tracking service
  • radicale

I would also like to make it so that all of my media is still available, but i may need to get a set up at a friends house. I have jellyfin plus a bunch of *arr’s

I was thinking a mix between at a mates house and a cloud server.

any thoughts?

edit: a lot of my services are exposed publicly, via Nginx proxy manager.

  • Admiral Patrick
    link
    fedilink
    English
    9
    edit-2
    11 months ago

    Are any of your services public facing? If so, you might want to make the VPS your reverse proxy and VPN server and have your stack at your friend’s house connect to the cloud server via VPN. The reverse proxy on the VPS would connect back over the VPN to the equipment at your friend’s house.

    This would prevent your friend from having to open ports in their router and from exposing their IP to the world (beyond their normal traffic, that is).

    Plus, it would allow you to VPN-in to manage as well as have a “kill switch” should you need it (cyberattack, etc)

    I would not run any of the *arrs on a network that is not yours (even if you have them routed through a VPN). It puts a liability on your friend and may eat up their bandwidth.

    And definitely make sure your friend knows what they’ll be hosting for you and how it may impact their network.

    • @palitu@aussie.zoneOP
      link
      fedilink
      English
      4
      edit-2
      11 months ago

      Are any of your services public facing?

      Yes. i think that is like a “bastion” server, or something like that. good idea. I expect that i can get more-or-less free VPS, and just run the NPM and tailscale or something there.

      I would not run any of the *arrs on a network that is not yours

      Good thought, i dont think i would need it whilst i am away anyway.

      And definitely make sure your friend knows

      yep, responsible hosting :D

      thanks for the thoughts.>

      • lemmyvore
        link
        fedilink
        English
        111 months ago

        Well not free VPS (if you want it to be semi-reliable) but within $3-5/mo.

        You don’t need to run your NPM on the VPS (although it does make things easier). You can:

        • Forward the whole interface to your server and just sort things out there. Downside: all visitors will appear to have the VPS’s IP.
        • Do DNAT/SNAT one the VPS to make the forwarded connections appear to have the original remote IP instead of the VPS. Downside: a bit more complicated (a few firewall rules).
        • Install a very basic nginx proxy on the VPS whose whole job is to put the original remote IP in a HTTP header, and on your server NPM use that header. Downside: you have to terminate and restart the TLS connection on the VPS.
        • Use SSH tunnels instead of VPN tunnels. A VPN forwards a whole interface, a SSH tunnel forwards a single port. You will still have to deal with the IP thing. Additional downside is that it only works for TCP, it’s not worth bothering to forward UDP. But it’s much simpler to set up than a VPN, basically one command (or autossh to maintain it automatically).
    • @atzanteol@sh.itjust.works
      link
      fedilink
      English
      011 months ago

      This would prevent your friend from having to open ports in their router and from exposing their IP to the world (beyond their normal traffic, that is).

      Their IP address is already “exposed to the world.” I keep seeing people recommending this pattern in this community for the same reason. But I genuinely don’t understand it. It sounds like one of those VPN ads frankly.

      Your IP address is not private.

      Frankly I would mothball the servers and move everything to the cloud rather than use a friend’s resources. You retain control over the environment and don’t need to worry about somebody unplugging your computer to vacuum.

      • Admiral Patrick
        link
        fedilink
        English
        211 months ago

        Their IP address is already “exposed to the world.” I keep seeing people recommending this pattern in this community for the same reason. But I genuinely don’t understand it. It sounds like one of those VPN ads frankly.

        Your IP address is not private.

        I did state “beyond their normal traffic”. And you do realize there’s a significant difference between exposing your IP as a client and exposing your IP as one that has servers hosted behind it, right? It’s not about protecting that or keeping it secret. It’s about not putting a target on their friend’s IP address for all the bots and script kiddies to hit.

        • @atzanteol@sh.itjust.works
          link
          fedilink
          English
          111 months ago

          And you do realize there’s a significant difference between exposing your IP as a client and exposing your IP as one that has servers hosted behind it, right?

          No, there isn’t. Bots scan indiscriminately. And script kiddies will still attack your servers running in their network, just via your proxy.

      • lemmyvore
        link
        fedilink
        English
        111 months ago

        With this pattern you open up an outgoing connection to the VPS, establish a two-way tunnel, and the VPS will use it to forward connections to you.

        People who use your services this way see the VPS’s public IP, yours is hidden from them.

        Sure, you still have a public IP while doing this but (a) only the VPS can see it and (b) you really don’t have to open ports on it and in fact may not even be reachable through it if it’s doing NAT.

          • lemmyvore
            link
            fedilink
            English
            111 months ago

            The most common ones:

            • Hiding your IP when you open services to the internet. Some people live in suburbs or towns where their IP can pinpoint their house almost perfectly.
            • Breaking out of ISP NAT (aka carrier NAT / CGNAT), where clients can’t open connections to your public IP.
            • @atzanteol@sh.itjust.works
              link
              fedilink
              English
              011 months ago

              Hiding your IP when you open services to the internet.

              No it doesn’t. It hides it from things accessing your server but your IP address is not a secret and bots will scan it even if you do absolutely nothing on-line. And unless you’re using a VPN 24x7 while browsing you give your IP address out more often by “using the internet” than you would by “running a server”.

              Though I suppose if you’re the sort of person who really cares about hiding their IP you’re also using a VPN 24x7 anyway… The VPN companies’ marketing has worked wonders on spooking people about “your IP is available” it seems. I mean - sure, it is. But who cares?

              Breaking out of ISP NAT (aka carrier NAT / CGNAT), where clients can’t open connections to your public IP.

              That’s fair - if needed.